Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-06-02T22:43:34.553Z
Updated: 2024-08-02T06:33:05.672Z
Reserved: 2023-05-19T18:11:06.618Z
Link: CVE-2023-2816
Vulnrichment
Updated: 2024-08-02T06:33:05.672Z
NVD
Status : Modified
Published: 2023-06-02T23:15:09.503
Modified: 2023-11-07T04:13:22.913
Link: CVE-2023-2816
Redhat
No data.